US20130166981A1 - Apparatus and security system for data loss prevention, and operating method of data loss prevention apparatus - Google Patents

Apparatus and security system for data loss prevention, and operating method of data loss prevention apparatus

Info

Publication number
US20130166981A1
Authority
US
United States
Prior art keywords
instance
line
packets
processing
mirroring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US13/362,838
Other versions
US8966606B2 (en)
Inventor
Sang Seok Lee
Tae Wan Kim
Il Hoon CHOI
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Somansa Co Ltd
Original Assignee
Somansa Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Somansa Co Ltd
Assigned to SOMANSA CO., LTD. (assignment of assignors interest; see document for details). Assignors: CHOI, IL HOON; KIM, TAE WAN; LEE, SANG SEOK
Publication of US20130166981A1
Application granted
Publication of US8966606B2
Current legal status: Expired - Fee Related
Adjusted expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0654 Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0668 Management of faults, events, alarms or notifications using network fault recovery by dynamic selection of recovery network elements, e.g. replacement by the most appropriate element after failure
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00 Arrangements for detecting or preventing errors in the information received
    • H04L1/08 Arrangements for detecting or preventing errors in the information received by repeating transmission, e.g. Verdan system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/22 Arrangements for preventing the taking of data from a data transmission channel without authorisation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/02 Capturing of monitoring data
    • H04L43/028 Capturing of monitoring data by filtering
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16 Error detection or correction of the data by redundancy in hardware
    • G06F11/20 Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
    • G06F11/2002 Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where interconnections or communication control functionality are redundant
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16 Error detection or correction of the data by redundancy in hardware
    • G06F11/20 Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
    • G06F11/2097 Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements maintaining the standby controller/processing unit updated
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/54 Store-and-forward switching systems
    • H04L12/56 Packet switching systems
    • H04L12/5601 Transfer mode dependent, e.g. ATM
    • H04L2012/5603 Access techniques

Definitions

  • FIG. 1 is a configuration diagram showing a content-aware DLP security system according to an exemplary embodiment of the present invention.
  • the content-aware DLP security system 12 includes a fail over device (F.O.D) 200 and a DLP apparatus 100 .
  • F.O.D fail over device
  • the F.O.D 200 transmits an Ethernet signal between an external network and an internal network to the DLP apparatus 100 by an in-line method or a mirroring method according to a control of the DLP apparatus 100 .
  • the F.O.D 200 transfers input/output packets of bidirectional (inbound and outbound) traffic to the DLP apparatus 100 operating in an in-line method during a normal operation, or receives the input/output packets from the DLP apparatus 100 to transmit the corresponding input/output packets to a destination.
  • The network traffic between the external network and the internal network is divided into in-bound traffic transferred from ① to ①′ and out-bound traffic transferred from ② to ②′.
  • The F.O.D 200 first transfers all of the bidirectional network traffic to the DLP apparatus 100, which packet-processes it; the F.O.D 200 then receives back the packets judged not to require precise judgment and transmits them to their original destination network.
  • the F.O.D 200 is switched to the mirroring method when the fail of the DLP apparatus 100 occurs and mirrors the Ethernet signal between the external network and the internal network in the mirroring method using a TAP as a network switch to transmit the mirrored Ethernet signal to the DLP apparatus 100 .
  • the DLP apparatus 100 includes a network state controlling unit 130 , an Ethernet signal matching unit 110 , a packet processing unit 120 , a multi instance matching unit 140 , and multi instance software 150 .
  • the Ethernet signal matching unit 110 and the packet processing unit 120 may be included in PCI-e type packet processing card 110 and 120 .
  • the PCI-e type packet processing card 110 and 120 and the multi instance matching unit 140 are provided in one main board and the multi instance software 150 and management instance software 160 may be executed in the corresponding board.
  • the network state controlling unit 130 transfers a control command to the F.O.D 200 to control a network matching method of the F.O.D 200 by the in-line method or mirroring method.
  • the network state controlling unit 130 may switch the network matching method according to a control of the management instance software 160 .
  • the Ethernet signal matching unit 110 includes two Ethernet ports that transmit and receive the bidirectional network traffics, respectively and converts the Ethernet signals inputted into and outputted from the two Ethernet ports into packet types to transfer the converted packets to the packet processing unit 120 .
  • the packet processing unit 120 analyzes, filters, pattern-matches or session-manages the inputted/outputted packets to filter effective packets required to be precisely judged.
  • the packet processing unit 120 may be a multi core processor or multi core logic.
  • the packet processing unit 120 analyzes the inputted/outputted packets, verifies information on the packets, filters the packets, pattern-matches the packets, or session-manages the packets depending on their own purposes, and transfers the effective packets required to be precisely judged for interruption or logging to the multi instance software 150 through the multi instance matching unit 140 and retransmits other packets which may be passed to the F.O.D 200 to transmit the corresponding packets to an original destination network.
  • the multi instance matching unit 140 may allocate a judgment job of the effective packets received from the packet processing unit 120 to the multi instance software 150 in various methods.
  • the multi instance matching unit 140 may allocate the same judgment job to each in-line instance to perform the same judgment job, distribute and allocate the judgment job based on the traffics so as to allocate substantially the same traffics to each in-line instance, and transfer effective packet of corresponding protocols to the in-line instances that take charge of different protocols to allocate the judgment job based on the protocol of the effective packet.
  • the management instance software 160 may verify the traffic (processing load), an operational state of each in-line instance, or the like, notify occurrence of an error to the multi instance matching unit 140 when the error occurs in the in-line instance, and control the network matching method of the F.O.D 200 according to the operational state (the occurrence of the fail or not) of the in-line instance.
  • the management instance software 160 may control the F.O.D 200 in the in-line method through the network state controlling unit 130 when the in-line instance is normally operated and control the F.O.D 200 in the mirroring method when the fail occurs in all the in-line instances.
  • the multi instance software 150 as software operating a plurality of instances is mounted with a judgment algorithm, a logging function, and an interruption function.
  • Each in-line instance and each mirroring instance judges, according to the judgment algorithm, whether the effective packets received from the multi instance matching unit 140 are packets (final effective packets) containing harmful or confidential information. When an instance judges that the effective packets are final effective packets, it interrupts the session corresponding to the final effective packet or stores a log for the final effective packet, according to a predetermined policy corresponding to the type.
  • When the in-line instance is allocated the judgment job for the effective packet, it performs the corresponding judgment job in real time and processes it in the in-line method, in which other processing of the corresponding effective packet cannot be performed until the judgment job of that packet ends. Therefore, the in-line instance generally processes a small quantity of traffic.
  • Since the mirroring instance performs post-processing of the effective packet when it is allocated the judgment job, it processes the judgment job in the mirroring method, which does not influence other processing of the corresponding effective packet even though the judgment job of that packet has not ended. Therefore, the mirroring instance generally processes a large quantity of traffic.
  • the DLP apparatus of FIG. 1 includes total n-1 in-line instances and one mirroring instance as an example, but the DLP apparatus may include a plurality of instances constituted by in-line instances and mirroring instances half and half and may be configured to include only a plurality of in-line instances or only a plurality of mirroring instances.
  • FIG. 2A is a flowchart showing an operating method of a DLP apparatus according to an exemplary embodiment of the present invention
  • FIG. 2B is a diagram showing a fail over device set by a mirroring method according to an exemplary embodiment of the present invention.
  • the management instance software 160 verifies whether the fail occurs in the in-line instance (S 210 ).
  • the management instance software 160 verifies whether the fail occurs in all the in-line instances when the fail occurs in the in-line instance (S 220 ).
  • When the fail has not occurred in all the in-line instances, the management instance software 160 controls the multi instance matching unit 140 so as to distribute the judgment job of the effective packets allocated to the failed in-line instance to another in-line instance or a mirroring instance, which then processes the corresponding judgment job (S 260 ).
  • The management instance software 160 switches the F.O.D 200 to the mirroring method through the network state controlling unit 130 when the fail occurs in all the in-line instances (S 230 ). Therefore, the judgment job of the effective packets may continue to be performed by the mirroring instance: the F.O.D 200 keeps mirroring the network traffic to the DLP apparatus 100 so that the effective packets are still collected, while bypassing the network traffic by connecting ① to ①′ and ② to ②′ through the TAP, as shown in FIG. 2B .
  • the management instance software 160 verifies whether the in-line instance is restored while continuously performing the judgment job by the mirroring instance (S 240 ).
  • the management instance software 160 switches the F.O.D 200 to the in-line method through the network state controlling unit 130 when the in-line instance is restored (S 250 ). Then, the F.O.D 200 is switched to the in-line method again to transfer the network traffics by the in-line method and the multi instance software 150 may normally in-line process the packets.
  • the DLP security system including the plurality of in-line instances and at least one mirroring instance is described as an example in FIGS. 2A and 2B , but the DLP security system may include only the in-line instance or only the mirroring instance.
  • the DLP security system including only the in-line instance allocates the judgment job allocated to the in-line instance in which the fail occurs to the in-line instance which is normally operated when even one in-line instance is normally operated.
  • the DLP security system including only the mirroring instance allocates the judgment job allocated to the mirroring instance in which the fail occurs to the mirroring instance which is normally operated when even one mirroring instance is normally operated.
  • A packet processing method of a DLP apparatus according to an exemplary embodiment of the present invention will be described with reference to FIGS. 3A to 3C .
  • FIG. 3A is a diagram showing a duplication mode according to an exemplary embodiment of the present invention
  • FIG. 3B is a diagram showing a load balancing mode according to an exemplary embodiment of the present invention
  • FIG. 3C is a diagram showing a dual mode according to an exemplary embodiment of the present invention.
  • FIGS. 3A and 3B show a DLP apparatus including two in-line instances as an example, and FIG. 3C shows a DLP apparatus including one in-line instance and one mirroring instance as an example.
  • In the duplication mode of FIG. 3A, the multi instance matching unit 140 transmits the same in-line packet to two in-line instances and each in-line instance receives the in-line packet through a channel occupied by each in-line instance.
  • The other in-line instance may perform the judgment job, and the interruption and logging functions, with respect to the corresponding packet, and as a result, reallocation of the judgment job is not needed when the hindrance occurs.
  • In the load balancing mode of FIG. 3B, the multi instance matching unit 140 distributes and allocates the judgment job of the effective packet to each in-line instance through load balancing.
  • The multi instance matching unit 140 may divide and allocate the judgment job of the effective packet substantially by halves based on the traffic and may distinguish the protocol of the effective packet to distribute and allocate the distinguished protocol to the in-line instance that takes charge of processing each protocol.
  • In FIG. 3B, when one in-line instance is not normally operated due to the fail, all the packets which are transmitted to the broken in-line instance are transmitted to the other in-line instance which is normally operated, and as a result, high availability can be assured by the other in-line instance.
  • In the dual mode of FIG. 3C, the multi instance matching unit 140 transmits the effective packet to be processed by the in-line method based on the protocol to the in-line instance and transmits the other effective packet to the mirroring instance.
  • When the in-line instance is broken, all the effective packets are mirrored to the mirroring instance which is normally operated to assure high availability by the mirroring instance.
  • the DLP apparatus includes two in-line instances as an example, but even though the DLP apparatus includes only the mirroring instance without the in-line instance, the DLP apparatus may perform the same function.
  • an optimized service can be provided for each protocol by a fail restoring device providing an in-line method, a mirroring method, or an in-line/mirroring dual method according to software set-up, efficiency of network operating/maintenance can be improved, effectiveness of an implementation/maintenance cost can also be improved, and high availability of a network can be assured.
  • the implementation cost can be reduced according to ensuring high availability by multi instance software and one DLP-exclusive hardware in one system without providing a plurality of systems or a plurality of packet processing boards like the related art.
  • One instance software is driven per channel by driving multi-instances in one system, and as a result, another instance processes corresponding packets even though a fail occurs in one instance to assure availability of the network itself, and high availability and high reliability of a DLP function. Accordingly, the present invention can be more efficient to a recent network environment in which most of the causes of the fail are not hardware factors but software factors such as excessive traffics or the use of excessive resources.
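The Python model below is an added example, not code from the patent or its assignee; it walks the fail-over flow of FIG. 2A (S210 to S260) together with the allocation modes of FIGS. 3A to 3C. The class names, the round-robin policy used for load balancing, and the sample protocols and packet ids are assumptions made for illustration.

```python
from dataclasses import dataclass, field

INLINE, MIRRORING = "in-line", "mirroring"

@dataclass
class Instance:
    name: str
    kind: str                                 # INLINE or MIRRORING
    protocols: frozenset = frozenset()        # protocols owned in dual mode
    healthy: bool = True
    jobs: list = field(default_factory=list)  # pending (packet_id, proto) judgment jobs

class MatchingUnit:
    """Toy stand-in for the multi instance matching unit 140."""
    def __init__(self, instances, mode):
        self.instances, self.mode, self._next = instances, mode, 0

    def up(self, kind):
        return [i for i in self.instances if i.kind == kind and i.healthy]

    def targets(self, proto):
        inline, mirror = self.up(INLINE), self.up(MIRRORING)
        if not inline:                        # all in-line instances failed (or none exist)
            return mirror[:1]
        if self.mode == "duplication":        # FIG. 3A: same job to every in-line instance
            return inline
        if self.mode == "dual":               # FIG. 3C: in-line for owned protocols, else mirror
            owners = [i for i in inline if proto in i.protocols]
            return owners[:1] or mirror[:1] or inline[:1]
        self._next += 1                       # FIG. 3B: round-robin is an assumed policy
        return [inline[self._next % len(inline)]]

    def allocate(self, packet_id, proto):
        """Queue the judgment job and return the names of the instances that got it."""
        chosen = self.targets(proto)
        for inst in chosen:
            inst.jobs.append((packet_id, proto))
        return [i.name for i in chosen]

class ManagementInstance:
    """Toy stand-in for management instance software 160; fod_mode models F.O.D 200."""
    def __init__(self, unit):
        self.unit, self.fod_mode = unit, INLINE

    def poll(self):
        """One pass of FIG. 2A (S210-S260); returns the F.O.D mode afterwards."""
        for inst in self.unit.instances:
            if inst.healthy:
                continue
            pending, inst.jobs = inst.jobs, []
            for job in pending:               # S260: move jobs off the failed instance
                held = any(job in p.jobs for p in self.unit.instances if p.healthy)
                if not held and not self.unit.allocate(*job):
                    inst.jobs.append(job)     # nobody healthy: keep for the next pass
        # S220/S230: all in-line down -> mirroring; S240/S250: restored -> in-line
        self.fod_mode = INLINE if self.unit.up(INLINE) else MIRRORING
        return self.fod_mode

def dual_mode_walkthrough():
    """Constructed scenario: one in-line and one mirroring instance, as in FIG. 3C."""
    inl = Instance("inline-1", INLINE, frozenset({"smtp", "http"}))
    mir = Instance("mirror-1", MIRRORING)
    mgmt = ManagementInstance(MatchingUnit([inl, mir], "dual"))
    log = [mgmt.unit.allocate(1, "smtp"), mgmt.unit.allocate(2, "ftp")]
    inl.healthy = False                        # simulated software fail
    log.append(mgmt.poll())                    # F.O.D switched to mirroring
    log.append(mgmt.unit.allocate(3, "smtp"))  # judged by the mirroring instance
    inl.healthy = True                         # instance restored
    log.append(mgmt.poll())                    # F.O.D switched back to in-line
    log.append(mgmt.unit.allocate(4, "http"))
    return log, mir.jobs

if __name__ == "__main__":
    for step in dual_mode_walkthrough()[0]:
        print(step)
```

For an operator, the value to alert on is `fod_mode`: a change to mirroring means every in-line instance is down and judgment is continuing only on mirrored traffic.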

Abstract

Disclosed are a DLP security system and an operating method thereof. An operating method of a data loss prevention (DLP) apparatus, comprising: converting, into packets, Ethernet signals received from a fail over device that are transmitted and received between an external network and internal network; analyzing the packets to classify the packets into first packets required to be precisely judged and second packets not required to be precisely judged; distributing and allocating a judgment job about the first packet to at least one in-line instance according to a predetermined reference; and allocating the judgment job distributed to the in-line instance in which a fail occurs to the in-line instance which is normally operated when it is verified whether there is an in-line instance which is normally operated in the case where the fail occurs in the at least one in-line instance.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application claims priority under 35 U.S.C. §119 to Korean Patent Application No. 10-2011-0140585, filed on Dec. 22, 2011, in the Korean Intellectual Property Office, the disclosure of which is incorporated herein by reference in its entirety.
  • TECHNICAL FIELD
  • The present invention relates to a high-performance package security system, and more particularly, to a DLP security system capable of processing and filtering a packet in an in-line method or a mirroring method and an operating method thereof.
  • BACKGROUND
  • In general, a content-aware data loss prevention (DLP) security system prevents an accident by interrupting or leaving a log when a user accesses customer's personal confidential information, an in-company confidential material, and the like through an e-mail, a messenger, a P2P, or the like.
  • Moreover, the DLP security system may perform content and protocol based information leakage prevention and malignant activity interruption functions such as blocking access to unsound sites or leaving log information when the user accesses the Internet.
  • The DLP security system in the related art is fixed during initial installation to one specific network matching method, either an in-line method or a mirroring method, and operates in that method. Specifically, the DLP security system using the in-line method in the related art is installed directly on a network line to interrupt a bidirectional packet in real time or leave the log. The DLP security system using the mirroring method in the related art installs a TAP on the network line and collects the bidirectional packets through the TAP without influencing the original traffic.
  • The DLP security system using the in-line method in the related art is linked with an additional fail over device (F.O.D) system to guard against a network fail, in which an Internet line is interrupted and the Internet is disconnected when a system fail occurs. The F.O.D continues to provide a service among the existing networks even though a system fail occurs, thereby making it possible to assure network availability. However, the DLP security system in the related art has no choice but to abandon the logging and interrupting functions for personal information leakage packets while the system is being replaced or restored.
  • The DLP security system using the mirroring method in the related art does not influence an original network at all even when the system is broken, but there is a problem in that a real-time interruption rate is deteriorated according to an Internet protocol or network components. Further, the DLP security system of the mirroring method in the related art has no choice but to abandon the logging and interrupting functions for packets while the system is being replaced or restored.
  • SUMMARY
  • An exemplary embodiment of the present invention provides a DLP apparatus, including: an Ethernet signal matching unit converting, into packets, Ethernet signals received from a fail over device that are transmitted and received between an external network and an internal network; a packet processing unit classifying the packets into first packets required to be precisely judged and second packets not required to be precisely judged and transferring the second packets to the fail over device to transmit the corresponding packets to an original destination; multi instance software operating a plurality of processing instances judging whether the first packets are final packets requiring log storing or session interruption by a predetermined judgment algorithm; a multi instance matching unit allocating a judgment job of the first packets to the plurality of processing instances according to a predetermined reference; and a management instance software verifying whether there is a processing instance which is normally operated among the plurality of processing instances when a fail occurs in at least one of the plurality of processing instances and commanding the multi instance matching unit to allocate the judgment job which is allocated to the processing instance in which the fail occurs to the processing instance which is normally operated when there is the processing instance which is normally operated.
  • Another exemplary embodiment of the present invention provides a DLP security system, including: a fail over device exchanging Ethernet signals transmitted and received between an external network and an internal network in an in-line method or a mirroring method; and a DLP apparatus including a processing instance judging whether log storing or interruption is required with respect to packets corresponding to the Ethernet signals and performing processing corresponding to a result of the judging, receiving the Ethernet signals in the in-line method from the fail over device controlling the fail over device in the in-line method when the processing instance is normally operated, and receiving the Ethernet signals in the mirroring method from the fail over device controlling the fail over device in the mirroring method when a fail occurs in the processing instance.
  • Yet another exemplary embodiment of the present invention provides an operating method of a DLP apparatus, including: converting, into packets, Ethernet signals received from a fail over device that are transmitted and received between an external network and an internal network; analyzing the packets to classify the packets into first packets required to be precisely judged and second packets not required to be precisely judged; distributing and allocating a judgment job about the first packet to at least one in-line instance according to a predetermined reference; and allocating the judgment job distributed to the in-line instance in which a fail occurs to the in-line instance which is normally operated when it is verified whether there is the in-line instance which is normally operated in the case where the fail occurs in the at least one in-line instance.
  • Other features and aspects will be apparent from the following detailed description, the drawings, and the claims.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a configuration diagram showing a content-aware DLP security system according to an exemplary embodiment of the present invention.
  • FIG. 2A is a flowchart showing an operating method of a DLP apparatus according to an exemplary embodiment of the present invention.
  • FIG. 2B is a diagram showing a fail over device set by a mirroring method according to an exemplary embodiment of the present invention.
  • FIG. 3A is a diagram showing a duplication mode according to an exemplary embodiment of the present invention.
  • FIG. 3B is a diagram showing a load balancing mode according to an exemplary embodiment of the present invention.
  • FIG. 3C is a diagram showing a dual mode according to an exemplary embodiment of the present invention.
  • DETAILED DESCRIPTION OF EMBODIMENTS
  • Hereinafter, exemplary embodiments will be described in detail with reference to the accompanying drawings. Throughout the drawings and the detailed description, unless otherwise described, the same drawing reference numerals will be understood to refer to the same elements, features, and structures. The relative size and depiction of these elements may be exaggerated for clarity, illustration, and convenience. The following detailed description is provided to assist the reader in gaining a comprehensive understanding of the methods, apparatuses, and/or systems described herein. Accordingly, various changes, modifications, and equivalents of the methods, apparatuses, and/or systems described herein will be suggested to those of ordinary skill in the art. Also, descriptions of well-known functions and constructions may be omitted for increased clarity and conciseness.
  • Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings. FIG. 1 is a configuration diagram showing a content-aware DLP security system according to an exemplary embodiment of the present invention.
  • As shown in FIG. 1, the content-aware DLP security system 12 includes a fail over device (F.O.D) 200 and a DLP apparatus 100.
  • The F.O.D 200 transmits an Ethernet signal between an external network and an internal network to the DLP apparatus 100 by an in-line method or a mirroring method according to a control of the DLP apparatus 100.
  • The F.O.D 200 transfers input/output packets of bidirectional (inbound and outbound) traffic to the DLP apparatus 100 operating in an in-line method during a normal operation, or receives the input/output packets from the DLP apparatus 100 to transmit the corresponding input/output packets to a destination.
  • Specifically, the network traffic between the external network and the internal network is divided into inbound traffic transferred from ① to ①′ and outbound traffic transferred from ② to ②′. The F.O.D 200 first transfers all of the bidirectional network traffic to the DLP apparatus 100, which packet-processes it; thereafter, the F.O.D 200 receives back the packets judged not to require precise judgment and transmits them to their original destination network.
  • Meanwhile, the F.O.D 200 is switched to the mirroring method when the fail of the DLP apparatus 100 occurs and mirrors the Ethernet signal between the external network and the internal network in the mirroring method using a TAP as a network switch to transmit the mirrored Ethernet signal to the DLP apparatus 100.
  • The DLP apparatus 100 includes a network state controlling unit 130, an Ethernet signal matching unit 110, a packet processing unit 120, a multi instance matching unit 140, and multi instance software 150. In this case, the Ethernet signal matching unit 110 and the packet processing unit 120 may be included in PCI-e type packet processing card 110 and 120. In addition, the PCI-e type packet processing card 110 and 120 and the multi instance matching unit 140 are provided in one main board and the multi instance software 150 and management instance software 160 may be executed in the corresponding board.
  • The network state controlling unit 130 transfers a control command to the F.O.D 200 to control a network matching method of the F.O.D 200 by the in-line method or mirroring method. In this case, the network state controlling unit 130 may switch the network matching method according to a control of the management instance software 160.
  • The Ethernet signal matching unit 110 includes two Ethernet ports that transmit and receive the bidirectional network traffics, respectively and converts the Ethernet signals inputted into and outputted from the two Ethernet ports into packet types to transfer the converted packets to the packet processing unit 120.
  • The packet processing unit 120 analyzes, filters, pattern-matches or session-manages the inputted/outputted packets to filter effective packets required to be precisely judged. In this case, the packet processing unit 120 may be a multi core processor or multi core logic.
  • Specifically, the packet processing unit 120 analyzes the inputted/outputted packets, verifies information on the packets, filters the packets, pattern-matches the packets, or session-manages the packets depending on their own purposes, and transfers the effective packets required to be precisely judged for interruption or logging to the multi instance software 150 through the multi instance matching unit 140 and retransmits other packets which may be passed to the F.O.D 200 to transmit the corresponding packets to an original destination network.
  • The multi instance matching unit 140 may allocate a judgment job of the effective packets received from the packet processing unit 120 to the multi instance software 150 in various methods.
  • For example, the multi instance matching unit 140 may allocate the same judgment job to each in-line instance to perform the same judgment job, distribute and allocate the judgment job based on the traffics so as to allocate substantially the same traffics to each in-line instance, and transfer effective packet of corresponding protocols to the in-line instances that take charge of different protocols to allocate the judgment job based on the protocol of the effective packet.
  • The management instance software 160 may verify the traffic (processing load), an operational state of each in-line instance, or the like, notify occurrence of an error to the multi instance matching unit 140 when the error occurs in the in-line instance, and control the network matching method of the F.O.D 200 according to the operational state (the occurrence of the fail or not) of the in-line instance.
  • Specifically, the management instance software 160 may control the F.O.D 200 in the in-line method through the network state controlling unit 130 when the in-line instance is normally operated and control the F.O.D 200 in the mirroring method when the fail occurs in all the in-line instances.
  • The multi instance software 150 as software operating a plurality of instances is mounted with a judgment algorithm, a logging function, and an interruption function.
  • Each in-line instance and each mirroring instance judges, according to the judgment algorithm, whether the effective packets received from the multi instance matching unit 140 are packets containing harmful or confidential information (final effective packets). When an instance judges that the effective packets are final effective packets, it interrupts the session corresponding to the final effective packet or stores a log for the final effective packet, according to a predetermined policy corresponding to the type.
  • Meanwhile, when the in-line instance is allocated with the judgment job for the effective packet, the in-line instance performs the corresponding judgment job in real time and processes the judgment job in the in-line method in which other processing of the corresponding effective packet cannot be performed until the judgment job of the corresponding effective packet ends. Therefore, the in-line instance generally processes a small quantity of traffics.
  • Since the mirroring instance performs post-processing of the effective packet when it is allocated the judgment job, it processes the judgment job in the mirroring method, which does not affect other processing of the corresponding effective packet even if the judgment job of that packet has not ended. Therefore, the mirroring instance generally processes a large quantity of traffic.
  • Meanwhile, the DLP apparatus of FIG. 1 includes total n-1 in-line instances and one mirroring instance as an example, but the DLP apparatus may include a plurality of instances constituted by in-line instances and mirroring instances half and half and may be configured to include only a plurality of in-line instances or only a plurality of mirroring instances.
  • Referring to FIGS. 2A and 2B, an operating method of the DLP apparatus according to an exemplary embodiment of the present invention when the fail occurs in the in-line instance in the DLP security system having the structure shown in FIG. 1 will be described. FIG. 2A is a flowchart showing an operating method of a DLP apparatus according to an exemplary embodiment of the present invention and FIG. 2B is a diagram showing a fail over device set by a mirroring method according to an exemplary embodiment of the present invention.
  • Referring to FIG. 2A, the management instance software 160 verifies whether the fail occurs in the in-line instance (S210).
  • When the fail occurs in an in-line instance, the management instance software 160 verifies whether the fail has occurred in all the in-line instances (S220). When the fail has not occurred in all the in-line instances, the management instance software 160 controls the multi instance matching unit 140 so that the judgment job of the effective packets allocated to the failed in-line instance is distributed to another in-line instance or to a mirroring instance, which then processes it (S260).
  • The management instance software 160 switches the F.O.D 200 to the mirroring method through the network state controlling unit 130 when the fail occurs in all the in-line instances (S230). Therefore, as shown in FIG. 2B, the F.O.D 200 bypasses the network traffic by connecting ① to ①′ and ② to ②′ through the TAP while mirroring that traffic to the DLP apparatus 100, so that effective packets continue to be collected and the mirroring instance continues to perform the judgment job.
  • The management instance software 160 verifies whether the in-line instance is restored while continuously performing the judgment job by the mirroring instance (S240).
  • The management instance software 160 switches the F.O.D 200 to the in-line method through the network state controlling unit 130 when the in-line instance is restored (S250). Then, the F.O.D 200 is switched to the in-line method again to transfer the network traffics by the in-line method and the multi instance software 150 may normally in-line process the packets.
  • Meanwhile, the DLP security system including the plurality of in-line instances and at least one mirroring instance is described as an example in FIGS. 2A and 2B, but the DLP security system may include only the in-line instance or only the mirroring instance. The DLP security system including only the in-line instance allocates the judgment job allocated to the in-line instance in which the fail occurs to the in-line instance which is normally operated when even one in-line instance is normally operated. Further, the DLP security system including only the mirroring instance allocates the judgment job allocated to the mirroring instance in which the fail occurs to the mirroring instance which is normally operated when even one mirroring instance is normally operated.
  • Hereinafter, a packet processing method of a DLP apparatus according to an exemplary embodiment of the present invention will be described with reference to FIGS. 3A to 3C.
  • FIG. 3A is a diagram showing a duplication mode according to an exemplary embodiment of the present invention, FIG. 3B is a diagram showing a load balancing mode according to an exemplary embodiment of the present invention, and FIG. 3C is a diagram showing a dual mode according to an exemplary embodiment of the present invention. FIGS. 3A and 3B show a DLP apparatus including two in-line instances as an example and FIG. 3C shows a DLP apparatus including one in-line instance and one mirroring instance as an example.
  • In the duplication mode of FIG. 3A, the multi instance matching unit 140 transmits the same in-line packet to two in-line instances and each in-line instance receives the in-line packet through a channel occupied by that instance. In FIG. 3A, even if a hindrance such as the fail occurs in one in-line instance, the other in-line instance may perform the judgment job and the interruption and logging functions with respect to the corresponding packet, and as a result, reallocation of the judgment job is not needed when the hindrance occurs. In this case, only one in-line instance performs the judgment job and the interruption and logging functions while that instance is normally operated, and the other in-line instance may perform the judgment job and the interruption and logging functions when the hindrance occurs in the first in-line instance.
  • In the load balancing mode of FIG. 3B, the multi instance matching unit 140 distributes and allocates the judgment job of the effective packet to each in-line instance through load balancing. In this case, the multi instance matching unit 140 may divide and allocate the judgment job of the effective packet substantially by halves based on the traffic and may distinguish the protocol of the effective packet to distribute and allocate the distinguished protocol to the in-line instance that takes charge of processing each protocol. Even in FIG. 3B, when one in-line instance is not normally operated due to the fail, all the packets which are transmitted to the broken in-line instance are transmitted to the other in-line instance which is normally operated, and as a result, high availability can be assured by the other in-line instance.
  • As shown in FIG. 3C, in the dual mode in which the in-line instance and the mirroring instance are mixed, the multi instance matching unit 140 transmits the effective packet to be processed by in-line method based on the protocol to the in-line instance and transmits the other effective packet to the mirroring instance. In FIG. 3C, when the in-line instance is broken, all the effective packets are mirrored to the mirroring instance which is normally operated to assure high availability by the mirroring instance.
  • In FIGS. 3A and 3B, the DLP apparatus includes two in-line instances as an example, but even though the DLP apparatus includes only the mirroring instance without the in-line instance, the DLP apparatus may perform the same function.
  • As set forth above, according to exemplary embodiments of the present invention, an optimized service can be provided for each protocol by a fail restoring device providing an in-line method, a mirroring method, or an in-line/mirroring dual method according to software set-up, efficiency of network operating/maintenance can be improved, effectiveness of an implementation/maintenance cost can also be improved, and high availability of a network can be assured.
  • The implementation cost can be reduced according to ensuring high availability by multi instance software and one DLP-exclusive hardware in one system without providing a plurality of systems or a plurality of packet processing boards like the related art.
  • One instance software is driven per channel by driving multi-instances in one system, and as a result, another instance processes corresponding packets even though a fail occurs in one instance to assure availability of the network itself, and high availability and high reliability of a DLP function. Accordingly, the present invention can be more efficient to a recent network environment in which most of the causes of the fail are not hardware factors but software factors such as excessive traffics or the use of excessive resources.
  • A number of exemplary embodiments have been described above. Nevertheless, it will be understood that various modifications may be made. For example, suitable results may be achieved if the described techniques are performed in a different order and/or if components in a described system, architecture, device, or circuit are combined in a different manner and/or replaced or supplemented by other components or their equivalents. Accordingly, other implementations are within the scope of the following claims.
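The failover flow of FIG. 2A (S210 to S260), combined with load-balanced allocation as in FIG. 3B, can be traced in a small simulation. This is an added illustration, not code from the patent: the class and method names, the least-loaded allocation rule, the `unjudged` queue, the job labels and the simplification that mirroring instances receive jobs only while the F.O.D is in the mirroring method are all assumptions of the example.

```python
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    INLINE = "in-line"
    MIRRORING = "mirroring"


@dataclass
class Instance:
    name: str
    kind: Mode                      # in-line or mirroring processing instance
    healthy: bool = True
    jobs: list = field(default_factory=list)


class ManagementInstance:
    """Hypothetical model of management instance software 160 driving the
    multi instance matching unit 140 and the F.O.D 200 matching method."""

    def __init__(self, instances):
        self.instances = {i.name: i for i in instances}
        self.fod_mode = Mode.INLINE  # F.O.D starts in the in-line method
        self.unjudged = []           # assumption: jobs with no instance to judge them
        self.events = []             # (flowchart step, detail) trace

    def _healthy(self, kind):
        return [i for i in self.instances.values()
                if i.kind is kind and i.healthy]

    def allocate(self, job):
        """Give the job to the least-loaded healthy instance that matches the
        current F.O.D method; queue it when nothing can judge it."""
        pool = self._healthy(self.fod_mode)
        if not pool:
            self.unjudged.append(job)
            return None
        target = min(pool, key=lambda i: len(i.jobs))
        target.jobs.append(job)
        return target.name

    def report_failure(self, name):
        failed = self.instances[name]
        failed.healthy = False
        orphaned, failed.jobs = failed.jobs, []
        self.events.append(("S210", f"fail in {name}"))
        if self._healthy(Mode.INLINE):
            # S220 "no": some in-line instance survives, so reallocate (S260).
            self.events.append(("S260", f"reallocate {len(orphaned)} job(s)"))
        elif self.fod_mode is Mode.INLINE:
            # S220 "yes": every in-line instance failed. Switch to mirroring
            # (S230); traffic is now bypassed through the TAP, not held.
            self.fod_mode = Mode.MIRRORING
            self.events.append(("S230", "F.O.D switched to mirroring"))
        for job in orphaned:
            self.allocate(job)

    def report_restored(self, name):
        inst = self.instances[name]
        inst.healthy = True
        if inst.kind is Mode.INLINE and self.fod_mode is Mode.MIRRORING:
            # S240 -> S250: an in-line instance is back, return to in-line.
            self.fod_mode = Mode.INLINE
            self.events.append(("S250", "F.O.D switched back to in-line"))
        pending, self.unjudged = self.unjudged, []
        for job in pending:
            self.allocate(job)


def demo():
    """Constructed scenario: two in-line instances and one mirroring instance."""
    mgmt = ManagementInstance([
        Instance("in1", Mode.INLINE),
        Instance("in2", Mode.INLINE),
        Instance("mir1", Mode.MIRRORING),
    ])
    for job in ["smtp-1", "http-1", "ftp-1", "http-2"]:  # constructed job labels
        mgmt.allocate(job)
    mgmt.report_failure("in1")   # in2 survives: jobs move to in2
    mgmt.report_failure("in2")   # no in-line instance left: mirroring takes over
    return mgmt


if __name__ == "__main__":
    m = demo()
    for step, detail in m.events:
        print(step, detail)
    print("F.O.D method:", m.fod_mode.value, "| mir1 jobs:", m.instances["mir1"].jobs)
```

With an in-line-only configuration the same model leaves the orphaned jobs in `unjudged` until an instance is restored, which makes visible that traffic keeps flowing through the bypass while nothing is judging it.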

Claims (11)

What is claimed is:
1. A data loss prevention (DLP) apparatus, comprising:
an Ethernet signal matching unit converting Ethernet signals received from a fail over device that are transmitted and received between an external network and an internal network to packets;
a packet processing unit classifying the packets into first packets required to be precisely judged and second packets not required to be precisely judged and transfer the second packets to the fail over device to transmit the corresponding packets to an original destination;
multi instance software operating a plurality of processing instances that judges whether the first packets are final packets requiring log storing or session interruption by a predetermined judgment algorithm;
a multi instance matching unit allocating a judgment job of the first packets to the plurality of processing instances according to a predetermined reference; and
a management instance software verifying whether there is a processing instance which is normally operated among the plurality of processing instances when a fail occurs in at least one of the plurality of processing instances and command the multi instance matching unit to allocate the judgment job which is allocated to the processing instance in which the fail occurs to the processing instance which is normally operated when there is the processing instance which is normally operated.
2. The DLP apparatus of claim 1, wherein:
the management instance software switches the fail over device which is operating in an in-line method to a mirroring method when there is no processing instance which is normally operated,
the multi instance software further operates at least one mirroring instance apart from the plurality of processing instances,
the fail over device bypasses the Ethernet signal using an installed switch and mirrors the bypassed Ethernet signal to transfer the mirrored signal to the Ethernet signal matching unit, and
the at least one mirroring instance performs the judgment job of the first packet until at least one of the plurality of processing instances is restored.
3. The DLP apparatus of claim 1, wherein the Ethernet signal matching unit and the packet processing unit are included in a PCI-e type packet processing card.
4. The DLP apparatus of claim 1, wherein the multi instance matching unit allocates the judgment job about the same first packet to the plurality of processing instances or distributes and allocates the judgment job about the first packet to the plurality of processing instances considering a protocol of the first packet or a processing load amount of the plurality of processing instances.
5. The DLP apparatus of claim 1, wherein the multi instance software stores a log for the first packet or interrupts a session corresponding to the first packet when the first packet is judged as the final packet.
6. A data loss prevention (DLP) security system, comprising:
a fail over device exchanging Ethernet signals transmitted and received between an external network and an internal network in an in-line method or a mirroring method; and
a DLP apparatus including a processing instance judging whether log storing or interruption is required with respect to packets corresponding to the Ethernet signals and performing processing corresponding to a result of the judging, receiving the Ethernet signals in the in-line method from the fail over device controlling the fail over device in the in-line method when the processing instance is normally operated, and receiving the Ethernet signals in the mirroring method from the fail over device controlling the fail over device in the mirroring method when a fail occurs in the processing instance.
7. The DLP security system of claim 6, wherein the processing instance is at least one in-line instance performing a judgment job about the packets corresponding to the Ethernet signals in the in-line method and at least one mirroring instance performing the judgment job about the packets corresponding to the Ethernet signals in the mirroring method, and
the DLP apparatus allocates the judgment job about the packets corresponding to the Ethernet signals similarly to the at least one inline instance and the at least one mirroring instance or distributes and allocates the judgment job according to a traffic or a protocol.
8. The DLP security system of claim 7, wherein the DLP apparatus verifies whether there is an in-line instance which is normally operated when the fail occurs in the at least one in-line instance and allocates the judgment job which is allocated to the in-line instance in which the fail occurs to the in-line instance which is normally operated when there is the in-line instance which is normally operated, and controls the fail over device in the mirroring method and allocates the judgment job of the packets corresponding to the Ethernet signals to the mirroring instance when there is no in-line instance which is normally operated.
9. The DLP security system of claim 6, wherein when the processing instance is a plurality of in-line instances performing a judgment job of the packets corresponding to the Ethernet signals in the in-line method or a plurality of mirroring instances performing the judgment job of the packets corresponding to the Ethernet signals in the mirroring method, the DLP apparatus allocates the judgment job for the packets corresponding to the Ethernet signals similarly to the plurality of in-line instances or the plurality of mirroring instances or distributes and allocates the judgment job according to the traffic or protocol.
10. An operating method of a data loss prevention (DLP) apparatus, comprising:
converting, into packets, Ethernet signals received from a fail over device that are transmitted and received between an external network and internal network;
analyzing the packets to classify the packets into first packets required to be precisely judged and second packets not required to be precisely judged;
distributing and allocating a judgment job about the first packet to at least one in-line instance according to a predetermined reference; and
allocating the judgment job distributed to the in-line instance in which a fail occurs to the in-line instance which is normally operated when it is verified whether there is an in-line instance which is normally operated in the case where the fail occurs in the at least one in-line instance.
11. The operating method of a DLP apparatus of claim 10, further comprising:
controlling the fail over device which is operating in the in-line method, in the mirroring method when there is no in-line instance which is normally operated; and
performing the judgment job about the first packets corresponding to the Ethernet signals transferred in the mirroring method by a mirroring instance while the fail over device bypasses the Ethernet signals between the external network and the internal network.
US13/362,838 2011-12-22 2012-01-31 Apparatus and security system for data loss prevention, and operating method of data loss prevention apparatus Expired - Fee Related US8966606B2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020110140585A KR101275707B1 (en) 2011-12-22 2011-12-22 Network based data loss prevention appliance system of multi instance structure which assures high availability and provides mirroring, in-line, and mirroring/in-line dual network adjustment method and the operating method thereof
KR10-2011-0140585 2011-12-22

Publications (2)

Publication Number Publication Date
US20130166981A1 true US20130166981A1 (en) 2013-06-27
US8966606B2 US8966606B2 (en) 2015-02-24

Family

ID=48655787

Family Applications (1)

Application Number Title Priority Date Filing Date
US13/362,838 Expired - Fee Related US8966606B2 (en) 2011-12-22 2012-01-31 Apparatus and security system for data loss prevention, and operating method of data loss prevention apparatus

Country Status (2)

Country Link
US (1) US8966606B2 (en)
KR (1) KR101275707B1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101480128B1 (en) * 2013-12-19 2015-01-07 (주)소만사 Network based data loss prevention appliance system providing load-balancing and duplexing using mirroring and inline packet processing and method for the same
CN109040110B (en) * 2018-08-31 2021-10-22 新华三信息安全技术有限公司 Outgoing behavior detection method and device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5699500A (en) * 1995-06-01 1997-12-16 Ncr Corporation Reliable datagram service provider for fast messaging in a clustered environment
US20030140124A1 (en) * 2001-03-07 2003-07-24 Alacritech, Inc. TCP offload device that load balances and fails-over between aggregated ports having different MAC addresses
US20030145117A1 (en) * 2002-01-30 2003-07-31 Bhat Gangadhar D. Intermediate driver having a fail-over function for a virtual network interface card in a system utilizing infiniband architecture
US20050177762A1 (en) * 2003-12-19 2005-08-11 Nokia Inc. Method and system for efficiently failing over interfaces in a network
US20080205263A1 (en) * 2007-02-28 2008-08-28 Embarq Holdings Company, Llc System and method for advanced fail-over for packet label swapping
US20110219208A1 (en) * 2010-01-08 2011-09-08 International Business Machines Corporation Multi-petascale highly efficient parallel supercomputer

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100855205B1 (en) 2008-06-24 2008-09-01 주식회사 나우콤 Apparatus and method for controlling stable network traffic of highly stable availability

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160021131A1 (en) * 2014-07-21 2016-01-21 David Paul Heilig Identifying stealth packets in network communications through use of packet headers
US10659478B2 (en) * 2014-07-21 2020-05-19 David Paul Heilig Identifying stealth packets in network communications through use of packet headers
CN108958989A (en) * 2017-06-06 2018-12-07 北京猎户星空科技有限公司 A kind of system failure recovery method and device

Also Published As

Publication number Publication date
US8966606B2 (en) 2015-02-24
KR101275707B1 (en) 2013-07-30

Legal Events

Date Code Title Description
AS Assignment

Owner name: SOMANSA CO., LTD., KOREA, REPUBLIC OF

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:LEE, SANG SEOK;KIM, TAE WAN;CHOI, IL HOON;REEL/FRAME:027673/0619

Effective date: 20120130

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2551); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

Year of fee payment: 4

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20230224